Categories Exchange 2003

PDC emulator is not excluded from DSAccess topology

When running the Exchange Best Practices Analyzer Tool [ExBPA] you will probably get the following warning: “PDC emulator is not excluded from the Active Directory (ADAccess) topology”.

This is because it is recommended to exclude the Primary Domain Controller [PDC] from the list of DCs available for use by Exchange.

By default, DSAccess includes the PDC emulator computer in its list of available and usable DCs. If non-Exchange Server programs are making heavy use of the PDC emulator, Exchange can worsen this situation or even suffer from it.

To prevent such performance issues, the MinUserDC registry value can be added to the registry on an Exchange server to force DSAccess to query all other available DCs before querying the domain controller that holds the PDC emulator operations master role.

To create/update MinUserDC registry value:

1. Open the Registry

2. On a computer that is running Exchange Server 2010, locate the following subkey:

HKLM\System\CurrentControlSet\Services\MSExchange ADAccess\Profiles\Default\MinUserDC

On a computer that is running Exchange Server 2007, locate the following subkey:

HKLM\System\CurrentControlSet\Services\MSExchangeDSAccess\Profiles\Default

3. Locate the MinUserDC value and make any required changes. If this DWORD value does not exist, you can manually create it.

Note: The value for the MinUserDC registry entry is the maximum number of DCs to contact before contacting the PDC emulator. For example, setting MinUserDC to 4 configures DSAccess to exclude the PDC emulator only when a total of 4 DCs are available. When this condition is met, the PDC emulator is excluded from use and DSAccess communicates only with the remaining 3 DCs.

Another way to configure the DSAccess component to exclude a particular DC or a list of DCs from use is by using the Set-ExchangeServer cmdlet together with the -StaticExcludedDomainControllers parameter:

Set-ExchangeServer "server" -StaticExcludedDomainControllers "pdc.domain.com"

Get-ExchangeServer "server" -Status | Select Name, StaticExcludedDomainControllers

However, please note that the MinUserDC key will still allow Exchange to use the PDC Emulator if the other DCs/GCs go offline but the static exclude list will not!

Nuno Mota

Nuno Mota is an Exchange MVP working as a Microsoft Messaging Specialist for a financial institution. He is passionate about Exchange, Lync, Active Directory, PowerShell, and Security. Besides writing his personal Exchange blog, LetsExchange.blogspot.com, he regularly participates in the Exchange TechNet forums and is the author of the book “Microsoft Exchange Server 2013 High Availability.”

Share
Published by
Nuno Mota

Recent Posts

What’s next in the evolution of biometrics and facial recognition technology?

Facial recognition technology has matured to the point of being reliable — for better or for worse. What does the…

2 hours ago

Locking down your Exchange server with cipher suites

Cipher suites are a set of algorithms you need to secure your environment, either by using SSL and TLS. Here’s…

5 hours ago

AI cyber risks: What to look out for when deploying AI technology

Artificial intelligence has greatly improved modern life. But businesses must recognize that AI cyber risks exist and take appropriate measures.

21 hours ago

Review: Office 365 synchronizing and administration tool CiraSync

CiraSync offers an enterprise solution for syncing global address list contacts and calendars to smartphones and other mobile devices. Here’s…

1 day ago

HIPAA IT compliance: Privacy and security rules you must know

HIPAA is the mandatory health regulation that must be followed strictly. But if you’re an IT pro in the health-care…

1 day ago

Exchange in-place upgrade? Sorry, folks, just say no!

An Exchange in-place upgrade would be a dream come true. But if you try it, you will find yourself trapped…

2 days ago